Policies
Business guardrails that override all other suggestions. Define what your AI assistant should never do.
Policies Override Everything
Policies are the highest priority in the knowledge base. They override patterns, templates, rules, and even direct requests. Use them for critical business rules.
Purpose
Policies define hard rules for your AI assistant:
- What it should never do (`hard_block`)
- What requires explicit approval (`require_approval`)
- What it should warn about but can proceed (`warn`)
Policy Structure
```json
{
  "id": "no-refund-promise",
  "name": "No Unauthorized Refunds",
  "category": "financial",
  "severity": "hard_block",
  "trigger": "refund|money back|reimburse",
  "action": "Never promise refunds without explicit user approval",
  "response": "I'll need to check with the team on refund eligibility and get back to you.",
  "enabled": true
}
```
Field Reference
| Field | Description |
|---|---|
| `id` | Unique identifier |
| `name` | Human-readable name |
| `category` | `security`, `financial`, `communication`, `operations` |
| `severity` | `hard_block`, `require_approval`, `warn` |
| `trigger` | Keywords or patterns that activate this policy |
| `action` | What the AI should do when triggered |
| `response` | What to say to the requester (if applicable) |
| `enabled` | Whether this policy is active |
Severity Levels
| Level | Meaning | AI Behavior |
|---|---|---|
| `hard_block` | Never do this | Refuse, explain policy, cannot override |
| `require_approval` | Needs human approval | Draft response, wait for user confirmation |
| `warn` | Caution, but can proceed | Alert user, proceed if they confirm |
Categories
- security — Data protection, access control, confidentiality
- financial — Refunds, discounts, pricing, payment terms
- communication — What can be said, tone requirements, approval needs
- operations — Process rules, handoffs, escalation
Example Policies
Financial: No Unauthorized Refunds
```json
{
  "id": "no-refund-promise",
  "name": "No Unauthorized Refunds",
  "category": "financial",
  "severity": "hard_block",
  "trigger": "refund|money back|reimburse",
  "action": "Never promise refunds without explicit user approval",
  "response": "I'll need to check with the team on refund eligibility and get back to you.",
  "enabled": true
}
```
Financial: Discount Approval
```json
{
  "id": "no-discount-promise",
  "name": "No Unauthorized Discounts",
  "category": "financial",
  "severity": "require_approval",
  "trigger": "discount|deal|lower price|coupon",
  "action": "Draft response, flag for user to decide discount",
  "response": "Let me check what options might be available for you.",
  "enabled": true
}
```
Security: No Confidential Info
```json
{
  "id": "no-confidential-share",
  "name": "No Confidential Info",
  "category": "security",
  "severity": "hard_block",
  "trigger": "other customer|competitor|internal|confidential",
  "action": "Never share other customer info, internal data, or competitor details",
  "response": "I'm not able to share that information.",
  "enabled": true
}
```
Operations: Escalate Threats
```json
{
  "id": "escalate-threats",
  "name": "Escalate Threats",
  "category": "operations",
  "severity": "require_approval",
  "trigger": "lawyer|sue|legal action|report you|BBB|attorney general",
  "action": "Flag immediately for user attention, do not respond without approval",
  "response": null,
  "enabled": true
}
```
Priority Order
When the AI handles an email, it checks knowledge in this order:
- Policies — Hard rules, override everything
- Contact preferences — Person-specific settings
- Account rules — Account defaults
- Blitz preferences — Global user defaults
- Templates/patterns — Suggestions only
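The trigger matching and severity ordering described above, as an added example that is not Pontius's own code. It assumes a trigger is a `|`-separated keyword list matched as whole words, case-insensitively, and that when several policies fire on one email the strictest severity wins; the policies embedded are copied from the examples on this page.

```python
import json
import re

# Strictest wins, following the Severity Levels table on this page.
SEVERITY_RANK = {"hard_block": 3, "require_approval": 2, "warn": 1}

# Constructed sample in the policies.json shape: three of the page's examples.
SAMPLE_POLICIES = json.loads("""[
 {"id": "no-refund-promise", "category": "financial", "severity": "hard_block",
  "trigger": "refund|money back|reimburse",
  "action": "Never promise refunds without explicit user approval",
  "response": "I'll need to check with the team on refund eligibility and get back to you.",
  "enabled": true},
 {"id": "no-discount-promise", "category": "financial", "severity": "require_approval",
  "trigger": "discount|deal|lower price|coupon",
  "action": "Draft response, flag for user to decide discount",
  "response": "Let me check what options might be available for you.",
  "enabled": true},
 {"id": "escalate-threats", "category": "operations", "severity": "require_approval",
  "trigger": "lawyer|sue|legal action|report you|BBB|attorney general",
  "action": "Flag immediately for user attention, do not respond without approval",
  "response": null, "enabled": true}
]""")


def trigger_matches(trigger, text):
    """Assumption: a trigger is a '|'-separated keyword list, matched as whole
    words and case-insensitively, so 'sue' does not fire on 'issue'."""
    keywords = "|".join(re.escape(k.strip()) for k in trigger.split("|"))
    return re.search(r"\b(?:" + keywords + r")\b", text, re.IGNORECASE) is not None


def evaluate(policies, email_text):
    """Return the strictest enabled policy triggered by the email, or None.

    hard_block beats require_approval beats warn; among equals the first
    policy in file order wins (max() keeps the first maximal element)."""
    hits = [p for p in policies
            if p.get("enabled", False) and trigger_matches(p["trigger"], email_text)]
    if not hits:
        return None
    best = max(hits, key=lambda p: SEVERITY_RANK.get(p["severity"], 0))
    return {"id": best["id"], "severity": best["severity"],
            "action": best["action"], "response": best["response"]}


if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICIES, "Can I get a refund, or at least a discount?"))
```

Because a disabled policy is skipped and a `null` response comes back as `None`, the caller can tell "nothing fired" from "fired, but there is no canned reply to send".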
When to Add Policies
Add a policy when:
- User corrects the same mistake twice
- User says "never do X" or "always do Y"
- Sensitive pattern emerges (financial, legal, confidential)
- User expresses concern about AI autonomy in an area
Start Conservative
When in doubt, use `require_approval` instead of `hard_block`. You can always tighten policies later.
File Location
`~/.config/pontius/knowledge/policies/policies.json`